| From: | Neil Conway <neilc(at)samurai(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Neil Conway <neilc(at)samurai(dot)com>, Vince Vielhaber <vev(at)michvhf(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) |
| Date: | 2002-08-20 20:54:23 |
| Message-ID: | 877kilb69s.fsf@mailbox.samurai.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Neil Conway <neilc(at)samurai(dot)com> writes:
> > + /* Check for integer overflow */
> > + if (tlen / slen != count)
> > + elog(ERROR, "Requested buffer is too large.");
>
> What about slen == 0?
Good point -- that wouldn't cause incorrect results or a security
problem, but it would reject input that we should really accept.
Revised patch is attached.
Cheers,
Neil
--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
| Attachment | Content-Type | Size |
|---|---|---|
| repeat_fix-2.patch | text/x-patch | 738 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dann Corbit | 2002-08-20 20:54:53 | Re: @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows inPostgreSQL. (fwd) |
| Previous Message | Dann Corbit | 2002-08-20 20:53:39 | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) |